Microsoft Windows Vista

Setting a new standard for security and privacy through innovation and collaboration.

on March 30th, 2007

I Introduction

For more than 30 years, information and communications technologies have transformed the global economy and personal communications. Today, more than one billion people — one-sixth of the world’s population — use the internet, e-mail and other IT services, according to the Computer Industry Almanac. While computers have become an integral part of people’s lives and livelihoods, business and personal users have growing concerns that the integrity of IT services is being undermined in new and disturbing ways.

The sophistication and organization of online criminal activity (phishing schemes, worms, spyware, etc.), along with widely publicized data breaches in the private and public sectors, threaten to erode public confidence in online commerce and other services. In fact, Consumer Reports, in its “State of the Net” report, concludes that one in three people will become a cyber-victim in 2006. Despite this threat, more than 80 per cent of online Americans have not taken the appropriate computer protection measures and are at risk for online criminal activity, or virus and spyware problems.1

Since Trustworthy Computing was introduced in early 2002, Microsoft Corp has been working hard to address security issues within its products and the broader industry. The company has made a number of advances since then, and is encouraged by the results of these investments and positive feedback from customers. Microsoft has been working closely with a myriad of partners in the public and private sectors to deliver a foundation of new security and privacy measures in the Windows Vista™ operating system, setting a new standard of computing integrity for customers and independent software vendors (ISVs).

With the forthcoming release of Windows Vista, Microsoft is empowering businesses and consumers to address mounting security threats. Through Microsoft’s “defense-in-depth” approach to technology innovation — involving fundamental protections in the platform, threat and vulnerability mitigation, and identity and access control — the operating system will enable end users to remain more secure and will protect the privacy of their information. Windows Vista will also provide IT administrators with effective ways to make networks resistant to attacks, while preserving data confidentiality, integrity and availability. Lastly, these changes will enable new solutions for both security and non-security ISVs to address the challenges currently facing the entire industry.

II Partners

Industry partners from the private and public sectors have been and remain at the core of Microsoft’s business model. They are an integral part of the environment of providing technology to customers. These partners have been involved at every stage of the research and development of Windows Vista, and will be through the public launch of the operating system, along with its worldwide distribution, delivery and subsequent support.

Microsoft recently announced the formation of the Microsoft Security Response Alliance (MSRA), a collaborative organization that allows industry partners and government agencies to exchange information and best practices on security so the industry as a whole can better protect customers from malicious threats. The MSRA builds on well-established processes for providing customers with security guidance and resources through the Virus Information Alliance, Microsoft Virus Initiative, Microsoft Security Support Alliance, the Global Infrastructure Alliance for Internet Safety, and the Microsoft Security Cooperation Program. The MSRA allows partners to take lessons learned from those programs and use them to build a comprehensive, consolidated framework to meet the security needs of IT professionals and consumers. In developing security enhancements within Windows Vista, Microsoft is working with these partners to gather input and incorporate changes, if needed, to help ensure the operating system will meet customer as well as broader industry needs.

The consumer advocacy groups Microsoft works with provide expertise in educating consumers about online safety risks. These risks are industrywide problems impacting millions of consumers round the world; the industry needs to work together to raise awareness of the threats and keep people safer online, and Microsoft’s work with advocacy groups is helping increase this awareness.

Finally, Microsoft worked closely with security partners throughout the Windows Vista design process by ensuring that they have regular access to TAPs, beta testing and product preview programs. The company received regular feedback from security partners on many of the security enhancements planned for Windows Vista, such as Windows® Security Center (WSC) and Windows Defender. In the Windows Security Center, as a result of this ongoing collaboration and feedback, Microsoft added a “snooze” state to support similar functionality within security ISV software. Also based on feedback, Microsoft changed functionality within Windows Defender to allow third-party ISVs to disable the software should a customer opt to use a third-party anti-spyware solution. The company is committed to working with ISVs because its goal is to ensure customers stay protected while also being able to select the security solutions that meet their needs.

III Key Features of Windows Vista

Kernel Patch Protection for x64 Windows

Some of the most devastating security problems arise from malicious software that manipulates the operating system “kernel,” rendering invading software undetectable to anti-virus protections and running unnoticed on a user’s computer. Protecting the integrity of the kernel is fundamental in protecting the entire system.

As computing moves from a 32-bit to a 64-bit architecture, the smaller installed base of 64-bit software makes it possible to significantly enhance the security of the kernel, reducing the potential for malicious software to invade users’ systems — and ultimately improving the customer experience. First introduced approximately two years ago in the 64-bit versions of Windows XP and Windows Server® 2003 SP1, Kernel Patch Protection improves security and makes it more difficult for hackers to hide malware deep in the OS where anti-malware technologies cannot remove it. This protection also helps prevent other software from making unauthorized or unsupported modifications to the operating system. In making these changes, Microsoft recognized the need for some of the previously available functionality to be safely implemented. There are certainly benefits from this functionality that are desirable to Windows and to customers, and it is important to Microsoft to provide extensibility that allows potential extensions to be planned for, reviewed and tested thoroughly during product development.

In making changes in Windows Vista, Microsoft recognized that ISVs still need to be able to offer their functionality. However, instead of allowing multiple parties to directly modify kernel instructions and data structures in undocumented and unsupported ways, Microsoft believes the security, performance and reliability of Windows Vista will be stronger if that functionality can instead be provided by supported mechanisms and APIs. To support the new vision of a more secure and tamper resistant operating system kernel, Microsoft is providing methods for vendors to implement new functionality in defined and supported ways. This is not limited to ISVs. In fact, Microsoft development teams will be held to the same requirements as external vendors, so products, including security, implemented by Microsoft will be using the same kernel interfaces that any other vendor would use. The company has worked with vendors to improve and increase supporting interfaces offered through Kernel Patch Protection, and will continue to work with vendors and make further updates, if needed.

Windows Security Center

The Windows Security Center is a comprehensive reporting tool that tells the customer whether key security capabilities are turned on and up to date. Customers can check their security status anytime; otherwise, the service runs silently in the background unless a problem is detected, and then users are notified and given recommended actions to help protect their computers. Also, users can register for automatic updates to keep their computers protected against potential threats, and the WSC can run in parallel with other, third-party security centers that customers may want to use.

Based on numerous interviews and responses from customers and third-party security vendors, Microsoft is refining the WSC in Windows Vista to ensure customers can easily select and access the security software that best meets their needs. The WSC in Windows Vista monitors several security functions, including the new categories of malware and anti-spyware protection, internet security settings and User Account Control. If a problem is detected, the service will alert the customer and provide an appropriate means to correct the problem. Among those functions are the following:

Firewall: The WSC monitors the installation of a firewall, including the Microsoft Windows Firewall and third-party firewalls, as well as the presence of an existing firewall and its level of functionality.

Windows Automatic Updates: The WSC verifies that the automatic updates service is enabled and using Microsoft’s recommended settings.

Anti-virus: The WSC verifies the installation of anti-virus software and, when present, it reports whether real-time scanning is enabled and whether the virus signature files are up-to-date.

Anti-spyware and other malware protection: The WSC verifies the installation of third-party anti-spyware services as well as Windows Defender, which protects the PC against spyware and other unwanted attacks, such as adware, keyloggers, bots and rootkits. When a third-party anti-spyware solution is present, or Windows Defender is on, it reports on whether scanning is enabled and if the spyware definition files are up-to-date.

Internet security settings: The WSC monitors the security settings associated with Internet Explorer® and will alert the user when those settings are changed to be lower than recommended. It provides a “restore settings” button so users can automatically fix their settings, or the user can go directly to controls to reset them manually.

User Account Control: Windows Vista includes User Account Control (UAC) to make it easier for users to run accounts with standard permissions, reducing the “surface area” for attacks. The UAC service and policy must not be disabled or degraded for this protection to work. If settings do not meet recommended standards, the WSC provides a “restore settings” button to automatically fix UAC settings.

Microsoft has provided security vendors with the ability to integrate with WSC, enabling them to create innovative solutions for existing problems. Because customers want a one-stop view of their security state, including expired or outdated security software, the company is working with a variety of ISVs on how their products can interface with the WSC to allow customers to view their status and choose to update out-of-date software in one place. To enable this, Microsoft has shared and will continue to share the technical details necessary to help ISVs — large and small — integrate with the WSC.

Moreover, several ISVs recognize that Microsoft’s primary goal is to help ensure that customers can easily access security software solutions that most closely meet their needs. In Windows Vista, the WSC will allow customers to easily track multiple security software programs they are using and the status of each, and it will provide them with options to choose from and ways to interact more directly with third-party providers, including ISVs that are not pre-installed on the PC. If a security solution expires, the option to renew the software currently installed on the PC is offered; additional choices are only presented should the customer choose to try a different service that meets the standard criteria. These alternative choices are subject to a set of neutral criteria to appear on the linked WSC offers page. Via the offers page, a range of security ISVs are provided with opportunities to showcase their security offerings to customers at no cost. Finally, WSC can run in parallel with other, third-party security centers that customers may want to use.

All security vendor options provided in the WSC — including Microsoft’s own services — will be subjected to the same criteria and scrutiny, which are designed to help customers save money while providing greater choice. For instance, if Windows Live™ OneCare™ or another third-party offering does not meet the criteria for a particular region — such as availability in the native language — other services that meet the criteria will be offered instead. Microsoft is working to identify third-party anti-virus and anti-spyware software, and firewalls that can be monitored by the WSC, thereby ensuring customers can choose from the most relevant vendors in their areas.

BitLocker Data Encryption

One of the most significant emerging threats to computers is data theft and unwanted exposure from lost, stolen or decommissioned PCs. It is a growing concern among security experts and corporate executives. According to a recent survey by The Ponemon Institute and Vontu Inc, of nearly 500 information security professionals, 81 per cent of their companies reported the loss of one or more laptops containing sensitive information during the past 12 months.

One of Microsoft’s top customer requests regarding security in Windows Vista was to address the threat of data theft or exposure. Data on lost or stolen machines often can be viewed by installing a different operating system, moving the disk drive to a new machine, or using other “offline attacks.” Recent legislation and government regulations aimed at safeguarding consumer information and privacy have made securing this data even more important.

BitLocker™ Drive Encryption is a hardware-enabled data protection feature in Windows Vista that helps protect data on a PC. By encrypting the entire Windows volume, it prevents unauthorized users from accessing data by breaking Windows file and system protections, or attempting the offline viewing of information on the secured drive.

BitLocker is simple to deploy, and it enables secure and easy recovery by an authorized administrator. The system and hardware integrity are checked early in the “booting” process, and the computer will not boot if system files or data have been tampered with. BitLocker also features centralized storage and management of encryption keys, and allows IT administrators to store encryption keys and passwords onto a USB key or to a separate file for additional backup. The program also provides for system recovery in the field. A user who needs BitLocker’s recovery mode can simply enter a recovery password.

Windows Defender

Over the past several years, spyware and other unwanted software such as adware have become major problems for computer users. Unwanted spyware is found on more than two-thirds of all computers, and it is putting users’ privacy and personal information at risk, as well as causing significant performance and reliability problems.2

System crashes from online and PC threats can cause frustration, impede productivity, and cost companies and individuals billions of dollars a year in repair and support costs. It is possible for a computer to become infected within the first few minutes of connection to the internet, and the risk increases greatly as the user visits websites.

Microsoft believes it is essential for all users to have anti-spyware protection. As a matter of principle and customer choice, Microsoft wants to provide users with options around what software is installed and running on their PCs. Based on customer and partner concerns about spyware, Microsoft has integrated its anti-spyware solution — Windows Defender — into Windows Vista. Windows Defender helps protect against and remove spyware, adware, keystroke loggers, control utilities and some other forms of so-called spyware.

Windows Defender also provides Software Explorer, which gives users additional visibility into what is running on their PC. This represents a significant improvement over earlier operating system software products, in which stopping or disabling rogue software often involved investigating the system registry or conducting complex analyses. Windows Defender also registers activities, such as cleaning and removal services, to the Windows event log, thereby enabling an administrator to keep updated on the status of the system.

Microsoft designed Windows Defender to work effectively with other anti-malware products. Users who choose a third-party solution can keep Windows Defender enabled along with their preferred third-party solution, to provide added protection in the event one anti-spyware solution does not identify some spyware but the other one does. Also, if the user’s subscription to the third-party product expires, the protection from Windows Defender will continue uninterrupted. Of course, users can turn off Windows Defender if they choose, and ISVs can disable Windows Defender programmatically. Similarly, network administrators in an enterprise environment can enable or disable Windows Defender, and computer manufacturers can turn it off by default on new PCs.

IV Conclusion

Microsoft’s ultimate goal is to make Windows Vista the most secure PC operating system software in the history of Windows. With its forthcoming release, Microsoft is delivering an integrated and carefully configured system that brings greater clarity and focus to the desktop experience, as well as a new level of confidence in computing through improved security, reliability and manageability.

In designing and developing Windows Vista, Microsoft considered the needs of both consumers and businesses, and created a set of features that can be configured for various segments of customers. Moreover, partner organizations from the private and public sectors have played integral roles in creating the vision of Windows Vista, as well as in its development and upcoming launch. The new operating system simplifies security for consumers and IT professionals, making computing more reliable and thereby increasing trust throughout all sectors of our inter-connected world.

There is no “silver bullet” to address every current and future security threat. However, the security advancements in Windows Vista underscore Microsoft’s uncompromising commitment to enabling a trustworthy computing environment that helps individuals and businesses realize their full potential.
